Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability Jan 12 2007 10:52PM
sapheal hack pl (1 replies)
Synopsis: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability
Product: Ipswitch WS_FTP 2007 Professional

Issue and details:
===========

The vulnerability was found in wsbho2k0.dll. Function Open ( String ) when given a long argument leads to memory corruption conditions. However, as the issue involves the control
that is not marked safe for scripting nor for initialization, it cannot be exploited remotely. Moreover, as for know I have not proved it is exploitable.

Unhandled exception at 0x7c840a81 in wsftpurl.exe: 0xC0000005: Access violation reading location 0x41414141.

In order to analyze the vulnerability one might execute wsftpurl.exe with a long argument.

When providing a specially crafted string:
"A buffer overrun has been detected which overrun program's internal state".

Additional information:
==============

As for now I am not aware of any exploits for this issue or even proofs that it is exploitable.

Kind regards,

Michal Bucko (sapheal)

[ reply ]
Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability Jan 14 2007 10:03PM
3APA3A (3APA3A SECURITY NNOV RU) (1 replies)
Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability Jan 16 2007 08:41PM
Eliah Kagan (degeneracypressure gmail com) (1 replies)
Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability Jan 16 2007 10:33PM
HACKPL - bugtraq/sapheal (sapheal hack pl)


 

Privacy Statement
Copyright 2010, SecurityFocus